For anyone running a blog or a website with a comment section, spam in the comments is a vexed issue. Though there are tools for WordPress that already sort out the spam pretty well and pack it into a spam folder, these entries needs to be checked anyway, because you dont’t want to accidentally delete a real comment, that landed in the spam folder for some reason.
This takes time and just annoying!
Luckily, there are some mmore options for you – at least, if you have a root access to your Linux server.
Most recently, a bot had spammed my page and left more then 30 spam comments every day. That was too much.
Antispam Bee, which has all properly sorted out and put them in the spam folder, is so kind and gives you the IP address from those who have left this spam. And it turned out on days that it was always the same three IP addresses.
So the challenge now is to block these three IP addresses.
For this task Linux has IPTables. IPTables is pre-installed on nearly any Linux machine and is a program for configuring a firewall – hence unfortunately arbitrarily complex. A complete execution about IPtables would be far too much at this point.
In short, it sets rules, what the Linux kernel has to do when and how with which request.
So if you now want to block an IP address, a simple line in the terminal will do the job:
iptables INPUT -A -s IP address-j DROP
Where the IP address has to be replaced with the address to be blocked.
This line causes, that everything coming from that IP address will be immediately sent to trash and appreciated no answer. Thus, the server plays dead man for this IP address.
Additional IP addresses may be blocked In the same way.
Unfortunately, these rules are not stored permanently but lost on reboot. To load the rules after a restart, they must be stored in a file.
On Debian / Ubuntu this is done with the command
iptables-save > /etc/firewall.conf
The name of the file is arbitrary.
The restoration of the rules after a restart then proceeds with the command
iptables-restore < /etc/firewall.conf
For this command to run at startup, it must be packed in a startup scripts. I use /etc/rc.local for that.
So open the file with Notepad
And insert this line before the "exit 0".
#!/bin/sh -e # # rc.local # # This script is Executed at the end of each multiuser runlevel. # Make sure the script did want to "exit 0" on success or any other # Value on error. # # In order to enable or disable this script just change the execution # Bits. # # By default this script does nothing. iptables-restore < /etc/firewall.conf exit 0
Save the file and you're done.
You've got a little more calm and much less spam than before ;-).
If you've accidentally blocked a wrong IP, the concerning rule can be simply deleted with
iptables-D INPUT-j DROP -s IP address